The month of July was a great one for scaling Bitcoin with zero-knowledge proofs.
StarkWare first demonstrated a STARK Verifier on Bitcoin’s Signet Test Network on 17th July.
Last week, at the Bitcoin 2024 conference in Nashville, two rival teams, BitVMX and BitcoinOS, verified zk-proofs on Bitcoin’s mainnet. Both use BitVM, or “Bitcoin Virtual Machine,” a method for building Turing-complete Bitcoin contracts without requiring a hard fork.
Weikeng Chen of L2 Iterative Ventures, who was involved in developing the STARK verifier for StarkWare, says the main difference between the two approaches lies in their level of trustlessness.
“BitVM has a trust assumption that still requires [a multisignature scheme],” Chen tells Blockworks. “This assumption can be removed if we have OP_CAT.”
The distinction is analogous to that between optimistic rollups and zk (or validity) rollups on Ethereum.
Although BitVMX and BitcoinOS are both verifying zk-proofs, they do so within BitVM, and Willem Schroe of Botanix Labs said the trust model is quite different from what a future version of Bitcoin with OP_CAT would allow. Botanix Labs is building Spiderchain, a decentralized BTC-based proof-of-stake layer-2.
“BitVM allows you to run any type of code, and the trust assumption to run any type of code is optimistic,” Schroe told Blockworks. “So now you can say, ‘With an optimistic fraud proof assumption of the BitVM, we can verify a zk proof in the BitVM.’”
Rootstock Labs has worked on BitVMX with FairGate Labs. BitcoinOS, of which Sovryn — not to be confused with Sovereign Labs — is one implementation, is a framework for interoperable rollups.
There’s “no clear winner,” Chen says: even if OP_CAT is added to Bitcoin, “the BitVM approach is much cheaper to do onchain.” The trade-off is that “the challenge-response can lead to a long settlement period,” he said.
The BitcoinOS demonstration of its BitSnark protocol, for example, consisted of 52 small transactions on the Bitcoin mainnet.
The setup involves two parties, a Prover and a Verifier. The Prover wants access to funds locked in Taproot addresses, and both parties must cosign all transactions before the protocol begins. If the Prover is honest, the protocol completes after the first transaction, and the Prover can access the funds within a certain time frame.
However, if the Verifier detects a dishonest proof, it can challenge, initiating a series of transactions in which the two parties take turns — challenge and response — for up to 26 iterations, according to the BitcoinOS team.
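To make the optimistic flow concrete, here is a toy simulation of the timelock path, the alternating challenge rounds and the final single-instruction check. It is an added illustration, not BitcoinOS, BitSnark or BitVMX code: the accumulator machine, the bisection search over the execution trace and the 26-round bound are assumptions of this model.

```python
# Toy model of the optimistic challenge-response flow described above.
# Added illustration, not BitcoinOS/BitSnark or BitVMX code: the register
# machine, the bisection over the trace and the round bound are assumptions.

MAX_ROUNDS = 26  # alternating challenge/response rounds, per the BitcoinOS team

def step(state, instr):
    """One CPU instruction of a toy accumulator machine: ('add'|'mul', operand)."""
    op, arg = instr
    return state + arg if op == "add" else state * arg

def execute(program):
    """Honest execution trace: the state after every instruction, starting from 0."""
    trace = [0]
    for instr in program:
        trace.append(step(trace[-1], instr))
    return trace

def tamper(program, trace, k, value):
    """A dishonest Prover rewrites state k and recomputes everything after it,
    so the published trace looks internally consistent from k onward."""
    bad = trace[:k] + [value]
    for instr in program[k:]:
        bad.append(step(bad[-1], instr))
    return bad

def settle(program, claimed, verifier_challenges=True):
    """Decide who ends up with the locked funds. Returns (winner, rounds_used).

    Without a challenge the timelock simply expires in the Prover's favour.
    With a challenge, the Verifier (who can run the program itself) bisects
    over the claimed trace until one disputed instruction remains, which is
    then executed 'onchain' from the last state both parties agree on."""
    if not verifier_challenges:
        return "prover", 0
    honest = execute(program)
    lo, hi = 0, len(program)      # state 0 is the agreed initial state
    rounds = 0
    while hi - lo > 1:
        if rounds == MAX_ROUNDS:
            return "unresolved", rounds  # assumption: the game times out
        mid = (lo + hi) // 2
        rounds += 1               # Verifier asks for state `mid`, Prover answers
        if claimed[mid] == honest[mid]:
            lo = mid              # agreement moves forward
        else:
            hi = mid              # the first bad step lies earlier
    rounds += 1                   # the single onchain instruction execution
    prover_correct = step(claimed[lo], program[lo]) == claimed[hi]
    return ("prover" if prover_correct else "verifier"), rounds
```

A single honest Verifier is enough to catch a tampered trace, which is the 1-of-n assumption discussed below; an unchallenged claim, honest or not, is paid out when the timelock expires.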
Matt Black, chief technology officer and co-founder of Atomic Finance, says it’s still too early to say how this method will work in the real world.
“Everyone likes to talk about unlimited scalability with optimistic rollups, but in reality there are significant limits,” Black told the BitVM Builders Telegram group.
Black emphasizes that the trust assumption is only 1-of-n: “there must be one honest party out of n, or funds can be stolen,” he told Blockworks — better than a typical Ethereum multisig.
Robin Linus, one of the authors of the BitVM white paper, has said that a bridge built with BitVM was expected to be used only rarely, to move large amounts of bitcoin, for example wrapping BTC for use on another network.
The final BitcoinOS transaction, in block 853626, attempted to execute a single CPU instruction onchain: the Prover performed an arithmetic calculation in the virtual computer which, once validated, allowed him to access the funds.
Chen wants to know more about how the challenge of the proof is carried out; the verification itself, he says, “is the easy part.”
“Challenging a proof is probably the most difficult part in the BitVM landscape,” Chen explained. “The problem of their construction is that they aren’t supporting fraud proofs in memory — a malicious prover can modify the state to get an invalid proof passed — it is easy to break.”
Chen explained that BitVM in general still has an unsolved problem. “We do not have a clear answer on how to do the state passing between the challenge-response units efficiently.”
Both solutions still have some way to go before they are ready for use, and Bitcoin Core is not yet ready to be updated with OP_CAT.
Black believes it could be a while. “Personally, I doubt this will be activated anytime soon,” he said.
StarkWare’s use of Circle STARKs in theory makes the proving process more efficient, positioning StarkWare’s solution as a secure and highly scalable alternative for zk-proof implementation on Bitcoin.
Still, by enabling proof verification — in this case of a SNARK proof — without altering the Bitcoin protocol, BitVMX and BitcoinOS open up the potential for advanced applications such as Ethereum-style smart contracts, which were previously infeasible on Bitcoin and therefore relegated to sidechains.